Chapter 46: ASP Request
1. What is the Request Object?
The Request object is the server’s way of reading everything the browser sent in the HTTP request.
It is the input channel — everything the user typed, clicked, or the browser automatically included arrives through Request.
In simple words:
- Request = what the browser is telling the server
- Response = what the server is sending back
Without Request, your ASP page would be completely blind — no form data, no URL parameters, no cookies, no headers, no IP address, nothing.
2. The Five Most Important Request Collections
These are the collections (dictionaries) inside the Request object. You almost always access them using the (“key”) syntax.
| Collection | What it contains | Most common use case | Example access |
|---|---|---|---|
| Request.Form(“key”) | Data from <form method=”post”> | Login, registration, contact forms, checkout | name = Request.Form(“txtName”) |
| Request.QueryString(“key”) | Data from URL (?key=value) | Search, pagination, links, filters | search = Request.QueryString(“q”) |
| Request(“key”) | Looks in Form first, then QueryString (shortcut) | Most pages use this — convenient | id = Request(“id”) |
| Request.Cookies(“key”) | Cookies sent by browser | Remember me, preferences, tracking | theme = Request.Cookies(“Theme”) |
| Request.ServerVariables(“key”) | Server & client info (IP, browser, referrer, etc.) | Logging, security, analytics | ip = Request.ServerVariables(“REMOTE_ADDR”) |
Golden Rule #1 (write this 10 times):
|
0 1 2 3 4 5 6 |
<%= Server.HTMLEncode(Request("username")) %> |
Never print raw user input — always use Server.HTMLEncode to prevent XSS attacks.
Golden Rule #2:
Use Request(“key”) shortcut in most cases — it checks Form first, then QueryString. Only use Request.Form or Request.QueryString when you specifically want to force one or the other.
3. Real Example 1 – Complete Form + Request Processing
File: register.asp
|
0 1 2 3 4 5 6 |
<%@ Language=VBScript %> <% Option Explicit %> <!DOCTYPE html> <html> <head> <title>Register</title> </head> <body> <h2>Register</h2> <% Dim submitted, username, email, errorMsg submitted = False errorMsg = "" ' Detect POST If Request.ServerVariables("REQUEST_METHOD") = "POST" Then submitted = True username = Trim(Request("txtUsername")) email = Trim(Request("txtEmail")) If username = "" Then errorMsg = errorMsg & "Username required.<br>" If email = "" Then errorMsg = errorMsg & "Email required.<br>" If errorMsg = "" Then ' Here you would save to database Response.Write "<div style='color:green; padding:15px; border:2px solid green;'>" Response.Write "Welcome, " & Server.HTMLEncode(username) & "!<br>" Response.Write "Confirmation sent to " & Server.HTMLEncode(email) Response.Write "</div>" Else Response.Write "<div style='color:red; padding:10px; border:1px solid red;'>" Response.Write "Errors:<br>" & errorMsg Response.Write "</div>" End If End If %> <% If Not submitted Or errorMsg <> "" Then %> <form method="post" action="register.asp"> Username:<br> <input type="text" name="txtUsername" value="<%= Server.HTMLEncode(username) %>" size="40"><br><br> Email:<br> <input type="text" name="txtEmail" value="<%= Server.HTMLEncode(email) %>" size="40"><br><br> <input type="submit" value="Register"> </form> <% End If %> </body> </html> |
Key learning points:
- Request(“txtUsername”) works whether data came from POST or GET
- Re-fill fields after error with value=”<%= Server.HTMLEncode(value) %>”
- REQUEST_METHOD = “POST” is a reliable way to detect form submit
- Always Trim() — users add extra spaces
4. Example 2 – QueryString (Search & Pagination – Very Common)
|
0 1 2 3 4 5 6 |
<form method="get" action="search.asp"> Search: <input type="text" name="q"> <input type="submit" value="Search"> </form> <% Dim searchTerm searchTerm = Trim(Request("q")) If searchTerm <> "" Then Response.Write "<h3>Results for: " & Server.HTMLEncode(searchTerm) & "</h3>" ' Simulate DB search Dim keywords keywords = Split(searchTerm, " ") For Each word In keywords Response.Write "<p>Looking for: " & Server.HTMLEncode(word) & "</p>" Next End If %> |
5. Example 3 – ServerVariables (IP, Browser, Referrer – Very Useful for Logging/Security)
|
0 1 2 3 4 5 6 |
<p>Your IP address: <%= Request.ServerVariables("REMOTE_ADDR") %></p> <p>Your browser: <%= Request.ServerVariables("HTTP_USER_AGENT") %></p> <p>How you arrived here: <%= Request.ServerVariables("HTTP_REFERER") %></p> <p>Server name: <%= Request.ServerVariables("SERVER_NAME") %></p> |
Common security use:
|
0 1 2 3 4 5 6 |
<% Dim ip ip = Request.ServerVariables("REMOTE_ADDR") If ip = "123.45.67.89" Then Response.Write "<p style='color:red;'>Access denied - banned IP.</p>" Response.End End If %> |
6. Teacher Summary – ASP Request Object in Classic ASP
ASP Request Object is the server’s way to read everything the browser sent:
- Request.Form(“key”) — POST data (forms, file uploads)
- Request.QueryString(“key”) — GET data (URL parameters)
- Request(“key”) — convenient shortcut (Form first, then QueryString)
- Request.Cookies(“key”) — cookies sent by browser
- Request.ServerVariables(“key”) — server/client info (IP, browser, referrer, method, etc.)
Always remember:
- Use Server.HTMLEncode on all user-controlled output
- Use Trim() on strings from Request
- Use IsNumeric, CLng, CInt when expecting numbers
- Use REQUEST_METHOD = “POST” to detect form submit
- Request(“key”) is safe and convenient in most cases
This is how millions of Classic ASP pages read form data, URL parameters, cookies, and client info — and many legacy Indian systems still use exactly this Request object style in 2026.
Next class?
- Want a full login + registration example using Request + Session + Cookies?
- Or how to read uploaded files with Request.Form.Files (very common request)?
- Or compare Classic ASP Request vs modern ASP.NET Core HttpContext.Request?
- Or move to the next W3Schools topic (ASP Cookies or ASP Sessions)?
Just tell me — I’m here! 🚀🇮🇳 Keep learning strong, Webliance! 😊
